===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/gss-serv.c,v
retrieving revision 1.22
retrieving revision 1.23
diff -u -r1.22 -r1.23
--- src/usr.bin/ssh/gss-serv.c	2008/05/08 12:02:23	1.22
+++ src/usr.bin/ssh/gss-serv.c	2011/08/01 19:18:15	1.23
@@ -1,4 +1,4 @@
-/* $OpenBSD: gss-serv.c,v 1.22 2008/05/08 12:02:23 djm Exp $ */
+/* $OpenBSD: gss-serv.c,v 1.23 2011/08/01 19:18:15 markus Exp $ */
 
 /*
  * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
@@ -225,6 +225,8 @@
 	name->length = get_u32(tok+offset);
 	offset += 4;
 
+	if (UINT_MAX - offset < name->length)
+		return GSS_S_FAILURE;
 	if (ename->length < offset+name->length)
 		return GSS_S_FAILURE;